Hi everyone,I'm working with the Security Incident Response Workspace in ServiceNow and looking to restrict user actions on email replies.Specifically:When a user clicks "Reply" or "Reply All" on an email in the activity stream, I would like to eithe...
Hi All, I recently installed the now assist SIR application and am testing it on demo data. Unfortunately, when i click "get recommendations" I am presented with an endless buffer. The only configuration I did was activate the the skills. Am I missin...
I see it as u_severity_scale Reference but no idea what it is and has no values.I have other fields for severity, service condition, priority and urgency so I'm confused what Severity Scale was meant for or how it can be used?
Regarding Qualys integration with Vulnerability Response:Discovered Items are matched with Decommissioned CIs even when the property - 'sn_sec_cmn.filterOutDecommissionedCI' is set to true.Why does this happen?
Whenever a Security Incident is created a related Security Incident Response Task is also created. Need to disable these related task records. Have checked through the documentation, SIR properties, configuration and flows but have not seen where to ...
Hi Team,I am currently working with playbook functionality in the Security Incident Response(SIR) module .While configuring a Playbook using Process Automation Designer ,I haven't found any option that allows navigating or reverting back to a previou...
Hi there,I have a requirement where I need to create Catalog Item 1 (considered the parent) with two variables: Manager and Employee.Once Catalog Item 1 is submitted (ordered), it should trigger an email notification to the Manager. In the body of th...
Hello,I am attempting to modify a module to load a table sorted by item number in ascending order to enhance performance. Despite setting the link type to URL and configuring the arguments, the module continues to use user preferences to load the vul...
Hi Community, We’re currently implementing Security Incident Response (SIR) for a customer using the Microsoft Azure Sentinel integration. They’re looking to include MITRE ATT&CK information (Tactics and Techniques) in their Security Incidents; howev...
Hi Team, We are building integration between Microsoft Azure sentinel to ServiceNow SIR record. Sentinel has MITRE Technique ID and we want to fetch that ID and map it to Tactics and techniques in SIR record fields. Please be informed we have Threat ...
Hi,We have an API from Sentinel which creates records directly into the sn_si table as Security Incident. This integration passes the MITRE Technique T numbers into a custom "techniques" field today as well as the Tactic numbers into a different cust...
We have integrated the Azure Sentinel with ServiceNow for Security Incident creation, and it also passes the Tactic and Technique information. We have enabled the MITRE ATT&CK matrice (Enterprise) and the associated techniques, however, this is only ...
Hi Team, We have configures bidirectional integration for Microsoft Azure Sentinel and SIR ServiceNow ,there is a requirement to fetch custom field on sentinel called as site_name we want to map it to Business Unit of SIR record . while checking azur...
Hello! Scenario: We have already implemented the SecOps integration with Sentinel and our current CMDB uses both IP or hostname as identifierQuestion 1: What is the best "Azure Sentinel Source Fields" to map to the "ServiceNow Configuration Item" fie...
Hi ServiceNow Community, I am currently working with mapping entities from Sentinel to ServiceNow using the plugin called Microsoft Sentinel (x_mioms_azsentinel). The problem is that the entities on the Sentinel tickets are being mapped to Work notes...
